Message-ID: <20240309185312.GA8513@openwall.com>
Date: Sat, 9 Mar 2024 19:53:12 +0100
From: Solar Designer <solar@...nwall.com>
To: Miguel Suarez <suarezmiguelc@...oud.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: help wanted - bring more issues in here

Hi Miguel,

Somehow you didn't send your message as a reply to the thread - as a
moderator, I've manually edited its headers to make it part of the
thread.  Going forward, when you want to comment on a thread in here,
please just hit reply on a message in the thread, so that your reply is
also part of the thread.  Also, posting from your phone is probably not
a good idea.

On Sat, Mar 09, 2024 at 07:21:55PM +0100, Miguel Suarez wrote:
> I have taken a look at the help wanted mail thread, and became interested in it, so I wanted to ask for more details,
>
> I'm interested in the third subtask, I wonder how much time would this take

It can vary a lot, but I'd guesstimate half an hour per a reasonable
quality write-up on average.  Some lucky ones can take 5 minutes (just
forward a relevant message from another mailing list you're on, writing
only the Subject line).  Some complex ones can take hours (refer to
multiple sources, figure out what the issue really is, describe it in
your own words if no correct and complete description already exists).
Typical is in between (e.g., extract content from a blog post e.g. with
ELinks as I had suggested earlier, wrap it with proper attribution into
a properly formatted message).

There's no requirement on how many issues you handle (during the period
of your involvement, whatever it is), but my expectation is that it
won't be just one (otherwise it's quicker for me to just handle that one
myself rather than delegate it).

> and, if possible, small details on the requirements,

The messages you post should meet the list content guidelines:

https://oss-security.openwall.org/wiki/mailing-lists/oss-security#list-content-guidelines

When you're handling just the third sub-task, it means that I (or
someone else) have already made sure the topic is valid for the list.
So only the style and quality guidelines are left for you to meet:

- English

- Plain text (no HTML)

- When applicable, the message Subject must include the name and
  version(s) of affected software, and vulnerability type.  For example,
  a Subject saying only "CVE-2099-99999" is not appropriate, whereas
  "CVE-2099-99999: Acme Placeholder 1.0 buffer overflow" would be OK.

- At least the most essential part of your message (e.g., vulnerability
  detail and/or exploit) should be directly included in the message
  itself (and in plain text), rather than only included by reference to
  an external resource.  Posting links to relevant external resources as
  well is acceptable, but posting only links is not.  Your message
  should remain valuable even with all of the external resources gone.

and specific to this task:

- Third-party content you quote should be clearly separated from your
  own writing as well as from other quotes (if you quote multiple
  sources), and clearly attributed.

Please let me know off-list if you'd like me to suggest an initial task
to you.

Thanks,

Alexander